Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 925161 (CVE-2024-1669, CVE-2024-1670, CVE-2024-1671, CVE-2024-1672, CVE-2024-1673, CVE-2024-1674, CVE-2024-1675, CVE-2024-1676) - <www-client/chromium-122.0.6261.57 <www-client/google-chrome-122.0.6261.57, <www-client/microsoft-edge-122.0.2365.59, www-client/opera: Multiple vulnerabilities
Summary: <www-client/chromium-122.0.6261.57 <www-client/google-chrome-122.0.6261.57, <...
Alias: CVE-2024-1669, CVE-2024-1670, CVE-2024-1671, CVE-2024-1672, CVE-2024-1673, CVE-2024-1674, CVE-2024-1675, CVE-2024-1676
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A2 [stable?]
Keywords: PullRequest
Depends on:
Reported: 2024-02-21 10:06 UTC by Matt Jolly
Modified: 2024-03-01 05:01 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-02-21 10:06:09 UTC
Chrome 122.0.6261.57 (Linux and Mac), 122.0.6261.57/.58( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 122.

Security Fixes and Rewards

This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26

[$5000][41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06

[$8000][41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03

[$3000][41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19

[$2000][41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11

[$1000][40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27

[$1000][41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko on 2023-12-21

[$1000][40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[326063910] Various fixes from internal audits, fuzzing and other initiatives
Comment 1 Larry the Git Cow gentoo-dev 2024-02-22 04:28:42 UTC
The bug has been referenced in the following commit(s):

commit 1a459c12753183164602e44a9a9c1374c0f14ecb
Author:     Ninpo <>
AuthorDate: 2024-02-21 11:56:36 +0000
Commit:     Sam James <>
CommitDate: 2024-02-22 04:27:45 +0000

    www-client/chromium: add 122.0.6261.57
    Signed-off-by: Ninpo <>
    Signed-off-by: Sam James <>

 www-client/chromium/Manifest                      |    1 +
 www-client/chromium/chromium-122.0.6261.57.ebuild | 1382 +++++++++++++++++++++
 2 files changed, 1383 insertions(+)
Comment 2 Laszlo Valko 2024-02-23 12:07:25 UTC
sorry guys, this is aleady obsolete...
now we have .69/.70 out
Comment 3 Larry the Git Cow gentoo-dev 2024-02-28 03:58:47 UTC
The bug has been referenced in the following commit(s):

commit dfac90a71388e926e1e2fa909b2082d2b34b8ea3
Author:     Matt Jolly <>
AuthorDate: 2024-02-28 03:28:40 +0000
Commit:     Matt Jolly <>
CommitDate: 2024-02-28 03:58:14 +0000

    www-client/microsoft-edge: automated bump (122.0.2365.59)
    Signed-off-by: Matt Jolly <>

 www-client/microsoft-edge/Manifest                 |   1 +
 .../microsoft-edge-122.0.2365.59.ebuild            | 127 +++++++++++++++++++++
 2 files changed, 128 insertions(+)